summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Benvenuto <mark.benvenuto@mongodb.com>2016-09-22 17:03:15 -0400
committerMark Benvenuto <mark.benvenuto@mongodb.com>2016-09-22 17:03:15 -0400
commit168d00f4aacf2f6f792009e0e5049706af43b9e5 (patch)
treec6e95226cc76ee78b808ae3ef3abc591ec26ac75
parent1402e83f1eaf3fed2d958980ee57cb15dfac4f09 (diff)
downloadmongo-168d00f4aacf2f6f792009e0e5049706af43b9e5.tar.gz
SERVER-26101 DBDirectClient isn't safe to auth
Diffstat
-rw-r--r--jstests/core/evalh.js14
-rw-r--r--src/mongo/scripting/mozjs/mongo.cpp2
2 files changed, 15 insertions, 1 deletions
diff --git a/jstests/core/evalh.js b/jstests/core/evalh.js
new file mode 100644
index 00000000000..1eb928bf47f
--- /dev/null
+++ b/jstests/core/evalh.js
@@ -0,0 +1,14 @@
+/**
+ * Test that db.eval does not support auth.
+ */
+(function() {
+ 'use strict';
+
+ // The db.auth method call getMongo().auth but catches the exception.
+ assert.eq(0, db.eval('db.auth("reader", "reader")'));
+
+ // Call the native implementation auth function and verify it does not exist under the db.eval
+ // javascript context.
+ assert.throws( function() { db.eval('db.getMongo().auth("reader", "reader")'); });
+})();
+
diff --git a/src/mongo/scripting/mozjs/mongo.cpp b/src/mongo/scripting/mozjs/mongo.cpp
index 2c887804203..68d6b05719f 100644
--- a/src/mongo/scripting/mozjs/mongo.cpp
+++ b/src/mongo/scripting/mozjs/mongo.cpp
@@ -52,7 +52,7 @@ namespace mongo {
namespace mozjs {
const JSFunctionSpec MongoBase::methods[] = {
- MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoLocalInfo, MongoExternalInfo),
+ MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoExternalInfo),
MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(close, MongoExternalInfo),
MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(
copyDatabaseWithSCRAM, MongoLocalInfo, MongoExternalInfo),
View Lorry Controller Status